Postcard From Jen Easterly's “Unsafe at Any CPU Speed” Lecture at Carnegie Mellon University

Read my reflection on CISA Director Jen Easterly's lecture at Carnegie Mellon University on the designed-in dangers of technology.

As a member of the Pittsburgh Technology Council, I receive invitations for many informative technology events within the Pittsburgh community.

On February 27, 2023, I attended one such event hosted by Carnegie Mellon University, featuring the Honorable Jen Easterly, Director of the Cybersecurity & Infrastructure Security Agency (CISA). Her presentation was titled “Unsafe at Any CPU Speed: The Designed-in Dangers of Technology and What We Can Do About It.”

As someone with minimal computer science or software engineering experience, I felt that Director Easterly explained her key topics, including the normalization of technology risk acceptance and deviance, in a way that resonated with me.

She discussed her belief that unsafe technological design is often rooted in the manufacturing process. Most technology products, as she described, are “dangerous by design,” meaning products are not necessarily safe to use out of the box. 

Director Easterly discussed the security issues caused by technology manufacturers that knowingly prioritize speed-to-market, flashy features and cost savings over safety and security when developing new products and services. Thus, these manufacturers may operate at the “accident boundary” line, knowingly pushing product safety and user security against the limit.

Going forward, Director Easterly advocates that safety and security must be crucial components of technology software design. If we continue to blame end-users rather than the “accident boundary” products themselves, we’re wrongly placing blame and not addressing the actual problem at hand. In her view, end-users are often treated as “crash test dummies” for these new products, and it’s just not sustainable. Technology manufacturers need to commit to prioritizing safety and security in whatever they do. 

To help manufacturers prioritize safety, Director Easterly shared CISA’s recent development of three core principles for them to abide by:

  1. Adopting the mindset that the burden of safety should not fall on customers
  2. Embracing radical transparency around the safety and security of products
  3. Explicitly focusing on secure by design and secure by default products

With this in mind, Director Easterly also says it is important to remember the burden does not entirely fall on manufacturers. The government has a role to play and so do the future generations of software engineers and computer science majors, who will be the next generation of technology product designers and developers.

And what about the end-users? We should make our demands for safer and more secure products known.

When a holistic culture of safety and security ubiquitously underpins technology product quality, we will have made significant strides in uplifting the security of our technological world.

Director Easterly’s message was clear: let’s make tech even better and, more importantly, safer!

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind. 


Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
